CVE-2026-5281
Google Dawn Use-After-Free Vulnerability - [Actively Exploited]
Description
Use after free in Dawn in Google Chrome prior to 146.0.7680.178 allowed a remote attacker who had compromised the renderer process to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)
INFO
Published Date :
April 1, 2026, 5:16 a.m.
Last Modified :
April 2, 2026, 1:16 p.m.
Remotely Exploit :
Yes !
Source :
[email protected]
CISA KEV (Known Exploited Vulnerabilities)
For the benefit of the cybersecurity community and network defenders—and to help every organization better manage vulnerabilities and keep pace with threat activity—CISA maintains the authoritative source of vulnerabilities that have been exploited in the wild.
Google Dawn contains an use-after-free vulnerability that could allow a remote attacker who had compromised the renderer process to execute arbitrary code via a crafted HTML page. This vulnerability could affect multiple Chromium-based products including, but not limited to, Google Chrome, Microsoft Edge, and Opera.
Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Unknown
This vulnerability affects an open-source component, third-party library, protocol, or proprietary implementation that could be used by different products. For more information, please see: https://chromereleases.googleblog.com/2026/03/stable-channel-update-for-desktop_31.html ; https://nvd.nist.gov/vuln/detail/CVE-2026-5281
Affected Products
The following products are affected by CVE-2026-5281
vulnerability.
Even if cvefeed.io is aware of the exact versions of the
products
that
are
affected, the information is not represented in the table below.
CVSS Scores
| Score | Version | Severity | Vector | Exploitability Score | Impact Score | Source |
|---|---|---|---|---|---|---|
| CVSS 3.1 | HIGH | 134c704f-9b21-4f2e-91b3-4a467353bcc0 |
Solution
- Update Google Chrome to version 146.0.7680.178 or later.
- Apply vendor patches when available.
Public PoC/Exploit Available at Github
CVE-2026-5281 has a 9 public
PoC/Exploit available at Github.
Go to the Public Exploits tab to see the list.
References to Advisories, Solutions, and Tools
Here, you will find a curated list of external links that provide in-depth
information, practical solutions, and valuable tools related to
CVE-2026-5281.
| URL | Resource |
|---|---|
| https://chromereleases.googleblog.com/2026/03/stable-channel-update-for-desktop_31.html | Vendor Advisory |
| https://issues.chromium.org/issues/491518608 | Issue Tracking Permissions Required |
| https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-5281 | US Government Resource |
CWE - Common Weakness Enumeration
While CVE identifies
specific instances of vulnerabilities, CWE categorizes the common flaws or
weaknesses that can lead to vulnerabilities. CVE-2026-5281 is
associated with the following CWEs:
Common Attack Pattern Enumeration and Classification (CAPEC)
Common Attack Pattern Enumeration and Classification
(CAPEC)
stores attack patterns, which are descriptions of the common attributes and
approaches employed by adversaries to exploit the CVE-2026-5281
weaknesses.
We scan GitHub repositories to detect new proof-of-concept exploits. Following list is a collection of public exploits and proof-of-concepts, which have been published on GitHub (sorted by the most recently updated).
CVE-2026-5281 (Chrome Dawn WebGPU UAF) analysis, lab validation tools, and reproducible environment for vulnerable vs patched builds.
google-chrome cve-2026-5281 browser-exploitation
Python HTML
Security Tracker
Python
Chrome WebGPU Use-After-Free (CWE-416) This toolkit is for security research and defensive verification around CVE-2026-5281. Patched Chrome version: 146.0.7680.178 Potentially vulnerable versions: anything below 146.0.7680.178
Python
Automated GitHub Actions workflow that fetches and updates the latest cybersecurity news every Tuesday and Thursday using RSS feeds.
For developers, researchers, students, and builders: a free, open-source security intelligence aggregator that tracks CVEs, threat intel, and breaking security news in real time, from 17 sources — NVD, CISA, Unit 42, SANS, Schneier, and more — into one encrypted local database you control. — privately, locally, on your machine.
cve cybersecurity cybersecurity-education cybersecurity-tools mitre-attack portfolio portfolio-project python security-intelligence sqlite threat-detection threat-intelligence vulnerability-detection vulnerability-management vulnerability-scanners security-tools
Python Shell
DSA and DLA for Debian last 14 days
Python
None
Python
📡 PoC auto collect from GitHub. ⚠️ Be careful Malware.
security cve exploit poc vulnerability
爬取secwiki和xuanwu.github.io/sec.today,分析安全信息站点、安全趋势、提取安全工作者账号(twitter,weixin,github等)
Python HTML
Results are limited to the first 15 repositories due to potential performance issues.
The following list is the news that have been mention
CVE-2026-5281 vulnerability anywhere in the article.
-
Daily CyberSecurity
Root Access at Risk: Critical Nix Sandbox Escape Overwrites Sensitive System Files
A severe security vulnerability has been identified in the Nix package manager, a tool celebrated by the Linux and Unix communities for making package management reliable and reproducible. Tracked as ... Read more
-
Daily CyberSecurity
Critical Privilege Escalation in Checkmk: Root Access at Risk
A critical-severity security vulnerability has been identified in the Checkmk monitoring platform, potentially allowing local users to seize full control of the host system. The flaw, tracked as CVE-2 ... Read more
-
The Hacker News
Marimo RCE Flaw CVE-2026-39987 Exploited Within 10 Hours of Disclosure
A critical security vulnerability in Marimo, an open-source Python notebook for data science and analysis, has been exploited within 10 hours of public disclosure, according to findings from Sysdig. T ... Read more
-
Help Net Security
April 2026 Patch Tuesday forecast: Spring-cleaning of a preview
I just blinked and the first quarter of the year is GONE. Where does the time go? I looked back at my article from last month where I touched on the use of AI and some of the vulnerabilities associate ... Read more
-
Daily CyberSecurity
HPE Aruba Patches High-Severity Credential Theft Flaw
HPE Aruba Networking has issued an important software update to address a high-severity security flaw in its Private 5G Core On-Prem Platform. The vulnerability, tracked as CVE-2026-23818, could allow ... Read more
-
Daily CyberSecurity
TP-Link Archer AX53 Hit by Multiple High-Severity Vulnerabilities
TP-Link has issued an urgent security advisory regarding its Archer AX53 v1.0 router, detailing five distinct vulnerabilities that could allow attackers to seize control of the device or leak sensitiv ... Read more
-
Daily CyberSecurity
Cloud Engineering at Risk: AWS Patches Critical Privilege Escalation and RCE Flaws in RES
Research and Engineering Studio on AWS architecture | Image: AWS Amazon Web Services (AWS) has released urgent security updates for its Research and Engineering Studio (RES), an open-source portal des ... Read more
-
The Hacker News
ThreatsDay Bulletin: Hybrid P2P Botnet, 13-Year-Old Apache RCE and 18 More Stories
Thursday. Another week, another batch of things that probably should've been caught sooner but weren't.This one's got some range — old vulnerabilities getting new life, a few "why was that even possib ... Read more
-
Daily CyberSecurity
Denial of Service Alert: React Server Components Vulnerability Causes CPU Spikes
React, the popular JavaScript library used by millions of developers for building user interfaces, has issued an urgent advisory regarding a denial of service (DoS) vulnerability. The flaw specificall ... Read more
-
Daily CyberSecurity
Sandbox Escape: Critical Flatpak Flaw Grants Full Host Access
Flatpak, the widely-used system for building, distributing, and running sandboxed desktop applications on Linux, has been hit by a critical security vulnerability. The flaw, tracked as CVE-2026-34078 ... Read more
-
Daily CyberSecurity
Security Alert: GitLab Issues Patch for High-Severity Vulnerabilities Across CE and EE
GitLab has released critical security updates for Community Edition (CE) and Enterprise Edition (EE). Versions 18.10.3, 18.9.5, and 18.8.9 address multiple high and medium-severity flaws that could co ... Read more
-
Daily CyberSecurity
The $86,000 Patch: Chrome 147 Crushes “Critical” WebML Memory Flaws
The Google Chrome team has officially promoted Chrome 147 to the stable channel for Windows, Mac, and Linux. This update, labeled version 147.0.7727.55/56, is a heavyweight release aimed at squashing ... Read more
-
Daily CyberSecurity
CISA Warning: Critical Ivanti EPMM Code Injection Vulnerability Under Active Attack
The Cybersecurity and Infrastructure Security Agency (CISA) has officially added a critical code injection vulnerability in Ivanti Endpoint Manager Mobile (EPMM) to its Known Exploited Vulnerabilities ... Read more
-
Daily CyberSecurity
High-Severity Patches: NVIDIA Secures DALI and Triton Inference Server
NVIDIA has released two significant security updates addressing high-severity vulnerabilities across its DALI and Triton Inference Server software. The patches fix critical flaws that could lead to ar ... Read more
-
The Hacker News
APT28 Deploys PRISMEX Malware in Campaign Targeting Ukraine and NATO Allies
The Russian threat actor known as APT28 (aka Forest Blizzard and Pawn Storm) has been linked to a fresh spear-phishing campaign targeting Ukraine and its allies to deploy a previously undocumented mal ... Read more
-
Daily CyberSecurity
Firecracker Security Alert: Virtio-PCI Vulnerability Could Lead to Out-of-Bounds Memory Access
AWS has issued a high-severity security advisory for Firecracker, the open-source virtualization technology purpose-built for high-scale, multi-tenant services like AWS Lambda and Fargate. The vulnera ... Read more
-
Daily CyberSecurity
CVE-2026-34208 (CVSS 10): Critical Sandbox Escape Uncovered in SandboxJS
In the world of secure software development, sandboxing is the ultimate safety net—a controlled environment designed to run untrusted code without letting it touch the “real” system. However, a critic ... Read more
-
Daily CyberSecurity
Apache ActiveMQ Patches RCE and Path Traversal Flaws
Apache ActiveMQ, the widely used open-source message broker, has released critical security updates to address two vulnerabilities that could allow attackers to execute arbitrary code or access restri ... Read more
-
Daily CyberSecurity
Critical Zero-Day: Unauthenticated RCE Exploited in Weaver E-cology 10.0
A critical security vulnerability, tracked as CVE-2026-22679, has been identified in Weaver (Fanwei) E-cology 10.0, one of the most widely used enterprise collaborative office platforms. With a CVSS s ... Read more
-
Daily CyberSecurity
Exploited in the Wild: Critical 9.3 CVSS Flaw Turns Tianxin Systems into Hacker Gateways
A critical security vulnerability, tracked as CVE-2021-4473, has been identified in the Tianxin Internet Behavior Management System. With a severe CVSS score of 9.3, this flaw allows unauthenticated a ... Read more
The following table lists the changes that have been made to the
CVE-2026-5281 vulnerability over time.
Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.
-
Modified Analysis by [email protected]
Apr. 02, 2026
Action Type Old Value New Value Added Reference Type CISA-ADP: https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-5281 Types: US Government Resource -
CVE Modified by 134c704f-9b21-4f2e-91b3-4a467353bcc0
Apr. 01, 2026
Action Type Old Value New Value Added Reference https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-5281 -
Initial Analysis by [email protected]
Apr. 01, 2026
Action Type Old Value New Value Added CPE Configuration AND OR *cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:* versions up to (excluding) 146.0.7680.177 OR cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:* cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:* cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:* Added Reference Type Chrome: https://chromereleases.googleblog.com/2026/03/stable-channel-update-for-desktop_31.html Types: Vendor Advisory Added Reference Type Chrome: https://issues.chromium.org/issues/491518608 Types: Issue Tracking, Permissions Required -
CVE Modified by 134c704f-9b21-4f2e-91b3-4a467353bcc0
Apr. 01, 2026
Action Type Old Value New Value Added CVSS V3.1 AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H -
New CVE Received by [email protected]
Apr. 01, 2026
Action Type Old Value New Value Added Description Use after free in Dawn in Google Chrome prior to 146.0.7680.178 allowed a remote attacker who had compromised the renderer process to execute arbitrary code via a crafted HTML page. (Chromium security severity: High) Added CWE CWE-416 Added Reference https://chromereleases.googleblog.com/2026/03/stable-channel-update-for-desktop_31.html Added Reference https://issues.chromium.org/issues/491518608